Without the -whatif, with PowerShell 3.0, your computer now would have restarted.

ISE has placed the selected text in double quotes. So PowerShell tries and evaluates the code. $() is a direct variable that has no value but instead code that provides the value. This code now gets executed.

What It Means To You

One could argue this is a veeeery constructed example, but what it really tells you is the same story you may have heard about SQL injection attacks. It is a potential attack vector, and we do know about the creativity among attackers to exploit things like this.

What it also tells you is: look at your own code! Do not use double-quoted strings unless you really mean it. Use single-quoted text if the text is meant to be static.

And it also means: update to PowerShell 4.0! Go with the flow, enjoy the latest improvements – and bug fixes. Apparently, they did not make it into PowerShell 3.0.